authorJouni Malinen <jouni@qca.qualcomm.com>2014-03-17 21:46:12 (GMT)
committerJouni Malinen <j@w1.fi>2014-03-17 22:39:39 (GMT)
commit40bdceac8814eefd9a6ad7f0960be13b14925ec5 (patch)
tree6c24fc19be9a29d3d45edad80dfb93cb1c70084b /hs20
parent4d65deda7f9159be33a33f6c93772868bce3c019 (diff)
HS 2.0R2: Configure OSU client trust root more consistently
Some of the code paths could have ended up ignoring CA file name from command line due to overly complex way of setting ctx->ca_fname. Configure this more consistently in osu_client.c as soon as the CA file name has been determined. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Diffstat (limited to 'hs20')
-rw-r--r--hs20/client/oma_dm_client.c26
-rw-r--r--hs20/client/osu_client.c58
-rw-r--r--hs20/client/osu_client.h24
-rw-r--r--hs20/client/spp_client.c28
4 files changed, 61 insertions, 75 deletions
diff --git a/hs20/client/oma_dm_client.c b/hs20/client/oma_dm_client.c
index 8fc350b..82e9106 100644
--- a/hs20/client/oma_dm_client.c
+++ b/hs20/client/oma_dm_client.c
@@ -1,6 +1,6 @@
/*
* Hotspot 2.0 - OMA DM client
- * Copyright (c) 2013, Qualcomm Atheros, Inc.
+ * Copyright (c) 2013-2014, Qualcomm Atheros, Inc.
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@@ -909,7 +909,7 @@ static int oma_dm_get_cmdid(struct hs20_osu_client *ctx, xml_node_t *node)
static xml_node_t * oma_dm_send_recv(struct hs20_osu_client *ctx,
const char *url, xml_node_t *syncml,
- const char *ext_hdr, const char *ca_fname,
+ const char *ext_hdr,
const char *username, const char *password,
const char *client_cert,
const char *client_key)
@@ -928,7 +928,7 @@ static xml_node_t * oma_dm_send_recv(struct hs20_osu_client *ctx,
os_free(ctx->server_url);
ctx->server_url = os_strdup(url);
res = http_post(ctx->http, url, str, "application/vnd.syncml.dm+xml",
- ext_hdr, ca_fname, username, password,
+ ext_hdr, ctx->ca_fname, username, password,
client_cert, client_key, NULL);
os_free(str);
os_free(resp_uri);
@@ -1123,8 +1123,7 @@ static xml_node_t * oma_dm_process(struct hs20_osu_client *ctx, const char *url,
}
-int cmd_oma_dm_prov(struct hs20_osu_client *ctx, const char *url,
- const char *ca_fname)
+int cmd_oma_dm_prov(struct hs20_osu_client *ctx, const char *url)
{
xml_node_t *syncml, *resp;
char *resp_uri = NULL;
@@ -1145,8 +1144,7 @@ int cmd_oma_dm_prov(struct hs20_osu_client *ctx, const char *url,
while (syncml) {
resp = oma_dm_send_recv(ctx, resp_uri ? resp_uri : url,
- syncml, NULL, ca_fname, NULL, NULL,
- NULL, NULL);
+ syncml, NULL, NULL, NULL, NULL, NULL);
if (resp == NULL)
return -1;
@@ -1162,8 +1160,7 @@ int cmd_oma_dm_prov(struct hs20_osu_client *ctx, const char *url,
}
-int cmd_oma_dm_sim_prov(struct hs20_osu_client *ctx, const char *url,
- const char *ca_fname)
+int cmd_oma_dm_sim_prov(struct hs20_osu_client *ctx, const char *url)
{
xml_node_t *syncml, *resp;
char *resp_uri = NULL;
@@ -1192,8 +1189,7 @@ int cmd_oma_dm_sim_prov(struct hs20_osu_client *ctx, const char *url,
while (syncml) {
resp = oma_dm_send_recv(ctx, resp_uri ? resp_uri : url,
- syncml, NULL, ca_fname, NULL, NULL,
- NULL, NULL);
+ syncml, NULL, NULL, NULL, NULL, NULL);
if (resp == NULL)
return -1;
@@ -1223,7 +1219,7 @@ int cmd_oma_dm_sim_prov(struct hs20_osu_client *ctx, const char *url,
void oma_dm_pol_upd(struct hs20_osu_client *ctx, const char *address,
- const char *pps_fname, const char *ca_fname,
+ const char *pps_fname,
const char *client_cert, const char *client_key,
const char *cred_username, const char *cred_password,
xml_node_t *pps)
@@ -1242,7 +1238,7 @@ void oma_dm_pol_upd(struct hs20_osu_client *ctx, const char *address,
while (syncml) {
resp = oma_dm_send_recv(ctx, resp_uri ? resp_uri : address,
- syncml, NULL, ca_fname, cred_username,
+ syncml, NULL, cred_username,
cred_password, client_cert, client_key);
if (resp == NULL)
return;
@@ -1270,7 +1266,7 @@ void oma_dm_pol_upd(struct hs20_osu_client *ctx, const char *address,
void oma_dm_sub_rem(struct hs20_osu_client *ctx, const char *address,
- const char *pps_fname, const char *ca_fname,
+ const char *pps_fname,
const char *client_cert, const char *client_key,
const char *cred_username, const char *cred_password,
xml_node_t *pps)
@@ -1289,7 +1285,7 @@ void oma_dm_sub_rem(struct hs20_osu_client *ctx, const char *address,
while (syncml) {
resp = oma_dm_send_recv(ctx, resp_uri ? resp_uri : address,
- syncml, NULL, ca_fname, cred_username,
+ syncml, NULL, cred_username,
cred_password, client_cert, client_key);
if (resp == NULL)
return;
diff --git a/hs20/client/osu_client.c b/hs20/client/osu_client.c
index 2175fc3..6e6de65 100644
--- a/hs20/client/osu_client.c
+++ b/hs20/client/osu_client.c
@@ -1,6 +1,6 @@
/*
* Hotspot 2.0 OSU client
- * Copyright (c) 2012-2013, Qualcomm Atheros, Inc.
+ * Copyright (c) 2012-2014, Qualcomm Atheros, Inc.
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@@ -1993,7 +1993,7 @@ static struct osu_data * parse_osu_providers(const char *fname, size_t *count)
static int osu_connect(struct hs20_osu_client *ctx, const char *bssid,
- const char *ssid, const char *url, const char *ca_fname,
+ const char *ssid, const char *url,
unsigned int methods, int no_prod_assoc,
const char *osu_nai)
{
@@ -2068,9 +2068,9 @@ static int osu_connect(struct hs20_osu_client *ctx, const char *bssid,
ctx->no_reconnect = 1;
if (methods & 0x02)
- res = cmd_prov(ctx, url, ca_fname);
+ res = cmd_prov(ctx, url);
else if (methods & 0x01)
- res = cmd_oma_dm_prov(ctx, url, ca_fname);
+ res = cmd_oma_dm_prov(ctx, url);
wpa_printf(MSG_INFO, "Remove OSU network connection");
write_summary(ctx, "Remove OSU network connection");
@@ -2093,7 +2093,7 @@ static int osu_connect(struct hs20_osu_client *ctx, const char *bssid,
static int cmd_osu_select(struct hs20_osu_client *ctx, const char *dir,
- int connect, const char *ca_fname, int no_prod_assoc,
+ int connect, int no_prod_assoc,
const char *friendly_name)
{
char fname[255];
@@ -2264,14 +2264,14 @@ selected:
if (connect == 2) {
if (last->methods & 0x02)
- ret = cmd_prov(ctx, last->url, ca_fname);
+ ret = cmd_prov(ctx, last->url);
else if (last->methods & 0x01)
- ret = cmd_oma_dm_prov(ctx, last->url, ca_fname);
+ ret = cmd_oma_dm_prov(ctx, last->url);
else
ret = -1;
} else if (connect)
ret = osu_connect(ctx, last->bssid, last->osu_ssid,
- last->url, ca_fname, last->methods,
+ last->url, last->methods,
no_prod_assoc, last->osu_nai);
} else
ret = -1;
@@ -2282,8 +2282,8 @@ selected:
}
-static int cmd_signup(struct hs20_osu_client *ctx, const char *ca_fname,
- int no_prod_assoc, const char *friendly_name)
+static int cmd_signup(struct hs20_osu_client *ctx, int no_prod_assoc,
+ const char *friendly_name)
{
char dir[255];
char fname[300], buf[400];
@@ -2334,8 +2334,7 @@ static int cmd_signup(struct hs20_osu_client *ctx, const char *ca_fname,
}
wpa_printf(MSG_INFO, "OSU provider fetch completed");
- return cmd_osu_select(ctx, fname, 1, ca_fname, no_prod_assoc,
- friendly_name);
+ return cmd_osu_select(ctx, fname, 1, no_prod_assoc, friendly_name);
}
@@ -2354,8 +2353,6 @@ static void cmd_sub_rem(struct hs20_osu_client *ctx, const char *address,
char *client_key = NULL;
int spp;
- ctx->ca_fname = ca_fname;
-
wpa_printf(MSG_INFO, "Subscription remediation requested with Server URL: %s",
address);
@@ -2399,6 +2396,7 @@ static void cmd_sub_rem(struct hs20_osu_client *ctx, const char *address,
return;
}
wpa_printf(MSG_INFO, "Using server trust root: %s", ca_fname);
+ ctx->ca_fname = ca_fname;
pps = node_from_file(ctx->xml, pps_fname);
if (pps == NULL) {
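Review bot: `ctx->ca_fname = ca_fname;` stores a borrowed pointer in the context, and nothing visible in this hunk says how long the string lives. The declaration of `ca_fname` is outside the hunk; if it can point at a buffer local to cmd_sub_rem (for example a path built when no file was given on the command line), `ctx->ca_fname` dangles once the function returns. Either document the lifetime with a comment such as `/* ctx->ca_fname borrows ca_fname; valid only until this function returns */` and reset it on exit, or keep an owned copy in ctx. The same assignment is added to cmd_pol_upd in the @@ -2555 hunk.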
@@ -2482,11 +2480,11 @@ static void cmd_sub_rem(struct hs20_osu_client *ctx, const char *address,
}
if (spp)
- spp_sub_rem(ctx, address, pps_fname, ca_fname,
+ spp_sub_rem(ctx, address, pps_fname,
client_cert, client_key,
cred_username, cred_password, pps);
else
- oma_dm_sub_rem(ctx, address, pps_fname, ca_fname,
+ oma_dm_sub_rem(ctx, address, pps_fname,
client_cert, client_key,
cred_username, cred_password, pps);
@@ -2555,6 +2553,7 @@ static int cmd_pol_upd(struct hs20_osu_client *ctx, const char *address,
return -1;
}
wpa_printf(MSG_INFO, "Using server trust root: %s", ca_fname);
+ ctx->ca_fname = ca_fname;
pps = node_from_file(ctx->xml, pps_fname);
if (pps == NULL) {
@@ -2628,11 +2627,11 @@ static int cmd_pol_upd(struct hs20_osu_client *ctx, const char *address,
}
if (spp)
- spp_pol_upd(ctx, address, pps_fname, ca_fname,
+ spp_pol_upd(ctx, address, pps_fname,
client_cert, client_key,
cred_username, cred_password, pps);
else
- oma_dm_pol_upd(ctx, address, pps_fname, ca_fname,
+ oma_dm_pol_upd(ctx, address, pps_fname,
client_cert, client_key,
cred_username, cred_password, pps);
@@ -3077,13 +3076,15 @@ int main(int argc, char *argv[])
usage();
exit(0);
}
- cmd_prov(&ctx, argv[optind + 1], argv[optind + 2]);
+ ctx.ca_fname = argv[optind + 2];
+ cmd_prov(&ctx, argv[optind + 1]);
} else if (strcmp(argv[optind], "sim_prov") == 0) {
if (argc - optind < 2) {
usage();
exit(0);
}
- cmd_sim_prov(&ctx, argv[optind + 1], argv[optind + 2]);
+ ctx.ca_fname = argv[optind + 2];
+ cmd_sim_prov(&ctx, argv[optind + 1]);
} else if (strcmp(argv[optind], "dl_osu_ca") == 0) {
if (argc - optind < 2) {
usage();
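Review bot: In the `prov` and `sim_prov` branches the guard `argc - optind < 2` still admits a call with no CA file, so `ctx.ca_fname = argv[optind + 2];` reads `argv[argc]` and the trust root becomes NULL without any message. That is well-defined C, but it hides the "no trust root" case, whereas the `osu_select` and `signup` branches spell it out with `argc > optind + 2 ? argv[optind + 2] : NULL`. I would use the same explicit form here and in the `oma_dm_prov` / `oma_dm_sim_prov` branches of the @@ -3131 hunk, and decide whether a missing CA file should be a usage error for these commands; how the HTTP layer treats a NULL CA file is not visible in this diff. The hunk ends inside the `dl_osu_ca` branch.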
@@ -3107,13 +3108,11 @@ int main(int argc, char *argv[])
usage();
exit(0);
}
- cmd_osu_select(&ctx, argv[optind + 1], 2,
- argc > optind + 2 ? argv[optind + 2] : NULL,
- 1, NULL);
+ ctx.ca_fname = argc > optind + 2 ? argv[optind + 2] : NULL;
+ cmd_osu_select(&ctx, argv[optind + 1], 2, 1, NULL);
} else if (strcmp(argv[optind], "signup") == 0) {
- ret = cmd_signup(&ctx,
- argc > optind + 1 ? argv[optind + 1] : NULL,
- no_prod_assoc, friendly_name);
+ ctx.ca_fname = argc > optind + 1 ? argv[optind + 1] : NULL;
+ ret = cmd_signup(&ctx, no_prod_assoc, friendly_name);
} else if (strcmp(argv[optind], "set_pps") == 0) {
if (argc - optind < 2) {
usage();
@@ -3131,14 +3130,15 @@ int main(int argc, char *argv[])
usage();
exit(0);
}
- cmd_oma_dm_prov(&ctx, argv[optind + 1], argv[optind + 2]);
+ ctx.ca_fname = argv[optind + 2];
+ cmd_oma_dm_prov(&ctx, argv[optind + 1]);
} else if (strcmp(argv[optind], "oma_dm_sim_prov") == 0) {
if (argc - optind < 2) {
usage();
exit(0);
}
- if (cmd_oma_dm_sim_prov(&ctx, argv[optind + 1],
- argv[optind + 2]) < 0) {
+ ctx.ca_fname = argv[optind + 2];
+ if (cmd_oma_dm_sim_prov(&ctx, argv[optind + 1]) < 0) {
write_summary(&ctx, "Failed to complete OMA DM SIM provisioning");
return -1;
}
diff --git a/hs20/client/osu_client.h b/hs20/client/osu_client.h
index ef568b4..092d6e1 100644
--- a/hs20/client/osu_client.h
+++ b/hs20/client/osu_client.h
@@ -1,6 +1,6 @@
/*
* Hotspot 2.0 - OSU client
- * Copyright (c) 2013, Qualcomm Atheros, Inc.
+ * Copyright (c) 2013-2014, Qualcomm Atheros, Inc.
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@@ -73,39 +73,35 @@ void cmd_set_pps(struct hs20_osu_client *ctx, const char *pps_fname);
/* spp_client.c */
void spp_sub_rem(struct hs20_osu_client *ctx, const char *address,
- const char *pps_fname, const char *ca_fname,
+ const char *pps_fname,
const char *client_cert, const char *client_key,
const char *cred_username, const char *cred_password,
xml_node_t *pps);
void spp_pol_upd(struct hs20_osu_client *ctx, const char *address,
- const char *pps_fname, const char *ca_fname,
+ const char *pps_fname,
const char *client_cert, const char *client_key,
const char *cred_username, const char *cred_password,
xml_node_t *pps);
-int cmd_prov(struct hs20_osu_client *ctx, const char *url,
- const char *ca_fname);
-int cmd_sim_prov(struct hs20_osu_client *ctx, const char *url,
- const char *ca_fname);
+int cmd_prov(struct hs20_osu_client *ctx, const char *url);
+int cmd_sim_prov(struct hs20_osu_client *ctx, const char *url);
/* oma_dm_client.c */
-int cmd_oma_dm_prov(struct hs20_osu_client *ctx, const char *url,
- const char *ca_fname);
-int cmd_oma_dm_sim_prov(struct hs20_osu_client *ctx, const char *url,
- const char *ca_fname);
+int cmd_oma_dm_prov(struct hs20_osu_client *ctx, const char *url);
+int cmd_oma_dm_sim_prov(struct hs20_osu_client *ctx, const char *url);
void oma_dm_sub_rem(struct hs20_osu_client *ctx, const char *address,
- const char *pps_fname, const char *ca_fname,
+ const char *pps_fname,
const char *client_cert, const char *client_key,
const char *cred_username, const char *cred_password,
xml_node_t *pps);
void oma_dm_pol_upd(struct hs20_osu_client *ctx, const char *address,
- const char *pps_fname, const char *ca_fname,
+ const char *pps_fname,
const char *client_cert, const char *client_key,
const char *cred_username, const char *cred_password,
xml_node_t *pps);
void cmd_oma_dm_sub_rem(struct hs20_osu_client *ctx, const char *address,
- const char *pps_fname, const char *ca_fname);
+ const char *pps_fname);
void cmd_oma_dm_add(struct hs20_osu_client *ctx, const char *pps_fname,
const char *add_fname);
void cmd_oma_dm_replace(struct hs20_osu_client *ctx, const char *pps_fname,
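Review bot: The prototype of `cmd_oma_dm_sub_rem` loses its `ca_fname` parameter here, but no hunk of oma_dm_client.c in this commit touches a definition of that function. If a definition exists, it has to change in the same commit or the header and the implementation disagree; if none exists, the prototype is dead and could be dropped instead of edited. Separately, every prototype that lost `ca_fname` now depends on the caller having set `ctx->ca_fname`, which deserves a comment in this header, e.g. `/* Callers set ctx->ca_fname (server trust root) before calling these */`.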
diff --git a/hs20/client/spp_client.c b/hs20/client/spp_client.c
index 8022ccb..302a050 100644
--- a/hs20/client/spp_client.c
+++ b/hs20/client/spp_client.c
@@ -1,6 +1,6 @@
/*
* Hotspot 2.0 SPP client
- * Copyright (c) 2012-2013, Qualcomm Atheros, Inc.
+ * Copyright (c) 2012-2014, Qualcomm Atheros, Inc.
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@@ -776,7 +776,7 @@ static int spp_post_dev_data(struct hs20_osu_client *ctx,
void spp_sub_rem(struct hs20_osu_client *ctx, const char *address,
- const char *pps_fname, const char *ca_fname,
+ const char *pps_fname,
const char *client_cert, const char *client_key,
const char *cred_username, const char *cred_password,
xml_node_t *pps)
@@ -787,7 +787,7 @@ void spp_sub_rem(struct hs20_osu_client *ctx, const char *address,
os_free(ctx->server_url);
ctx->server_url = os_strdup(address);
- if (soap_init_client(ctx->http, address, ca_fname,
+ if (soap_init_client(ctx->http, address, ctx->ca_fname,
cred_username, cred_password, client_cert,
client_key) == 0) {
spp_post_dev_data(ctx, SPP_SUBSCRIPTION_REMEDIATION,
@@ -923,7 +923,7 @@ static int hs20_spp_update_response(struct hs20_osu_client *ctx,
void spp_pol_upd(struct hs20_osu_client *ctx, const char *address,
- const char *pps_fname, const char *ca_fname,
+ const char *pps_fname,
const char *client_cert, const char *client_key,
const char *cred_username, const char *cred_password,
xml_node_t *pps)
@@ -934,7 +934,7 @@ void spp_pol_upd(struct hs20_osu_client *ctx, const char *address,
os_free(ctx->server_url);
ctx->server_url = os_strdup(address);
- if (soap_init_client(ctx->http, address, ca_fname, cred_username,
+ if (soap_init_client(ctx->http, address, ctx->ca_fname, cred_username,
cred_password, client_cert, client_key) == 0) {
spp_post_dev_data(ctx, SPP_POLICY_UPDATE, "Policy update",
pps_fname, pps);
@@ -942,14 +942,11 @@ void spp_pol_upd(struct hs20_osu_client *ctx, const char *address,
}
-int cmd_prov(struct hs20_osu_client *ctx, const char *url,
- const char *ca_fname)
+int cmd_prov(struct hs20_osu_client *ctx, const char *url)
{
unlink("Cert/est_cert.der");
unlink("Cert/est_cert.pem");
- ctx->ca_fname = ca_fname;
-
if (url == NULL) {
wpa_printf(MSG_INFO, "Invalid prov command (missing URL)");
return -1;
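Review bot: After this hunk cmd_prov validates `url` but has no view of the trust root it is about to use, and the `ctx->ca_fname` passed to soap_init_client in the next hunk can be NULL (main allows that for `signup`). cmd_sub_rem and cmd_pol_upd log `Using server trust root: %s`; cmd_prov and cmd_sim_prov should do the same so a run without a CA file is visible in the log, e.g. `wpa_printf(MSG_INFO, "Using server trust root: %s", ctx->ca_fname ? ctx->ca_fname : "(none)");`. The function body continues outside the hunk.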
@@ -960,8 +957,8 @@ int cmd_prov(struct hs20_osu_client *ctx, const char *url,
os_free(ctx->server_url);
ctx->server_url = os_strdup(url);
- if (soap_init_client(ctx->http, url, ca_fname, NULL, NULL, NULL, NULL) <
- 0)
+ if (soap_init_client(ctx->http, url, ctx->ca_fname, NULL, NULL, NULL,
+ NULL) < 0)
return -1;
spp_post_dev_data(ctx, SPP_SUBSCRIPTION_REGISTRATION,
"Subscription registration", NULL, NULL);
@@ -970,11 +967,8 @@ int cmd_prov(struct hs20_osu_client *ctx, const char *url,
}
-int cmd_sim_prov(struct hs20_osu_client *ctx, const char *url,
- const char *ca_fname)
+int cmd_sim_prov(struct hs20_osu_client *ctx, const char *url)
{
- ctx->ca_fname = ca_fname;
-
if (url == NULL) {
wpa_printf(MSG_INFO, "Invalid prov command (missing URL)");
return -1;
@@ -991,8 +985,8 @@ int cmd_sim_prov(struct hs20_osu_client *ctx, const char *url,
wpa_printf(MSG_INFO, "Could not get IP address for WLAN - try connection anyway");
}
- if (soap_init_client(ctx->http, url, ca_fname, NULL, NULL, NULL, NULL) <
- 0)
+ if (soap_init_client(ctx->http, url, ctx->ca_fname, NULL, NULL, NULL,
+ NULL) < 0)
return -1;
spp_post_dev_data(ctx, SPP_SUBSCRIPTION_REGISTRATION,
"Subscription provisioning", NULL, NULL);